Bug 4831

Summary: URL for registration confirmation and password reset is too long and thus badly converted to an hyperlink by some email agents
Product: Websites Reporter: Pinco Pallo <il.maury>
Component: identity.mageia.orgAssignee: Sysadmin Team <sysadmin-bugs>
Status: NEW --- QA Contact:
Severity: minor    
Priority: Normal CC: rdalverny, sysadmin-bugs
Version: trunk   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://identity.mageia.org/register
Whiteboard:
Source RPM: CVE:
Status comment:

Description Pinco Pallo 2012-03-06 23:16:13 CET 
Description of problem:
The url in the email registration confirmation and password reset is not entirely an internet address

Version-Release number of selected component (if applicable):
-

How reproducible:
Request of a password reset
New registration

Steps to Reproduce:
1.
2.
3.
Comment 1 Manuel Hiebel 2012-03-07 12:51:04 CET 
I see 

"Dear Manuel Hiebel,
Your Mageia account has been requested to change the password. If you did not do this, or you do not want to change your password; you can just do nothing.
To reset your password, please follow the link below.
https://identity.mageia.org/forgot_password/confirm?secret

Why it's not an internet address ?
Romain d'Alverny 2012-03-07 14:06:56 CET

Keywords: (none) => NEEDINFO
CC: (none) => rdalverny

Comment 2 Romain d'Alverny 2012-03-07 22:52:01 CET 
Reported from a private mail, the issue is that the full URL, with the full secret, exceeds 80 characters. Some mailer agents wrap the URL or fail to properly parse the full URL.

So that's a minor issue, but indeed, reducing the length of the URL (the path or the secret or both) could help in this regard.
Manuel Hiebel 2012-03-07 23:25:37 CET

Keywords: NEEDINFO => (none)
CC: (none) => sysadmin-bugs

Comment 3 Pinco Pallo 2012-03-08 10:40:10 CET 
(In reply to comment #1)
> I see 
> 
> "Dear Manuel Hiebel,
> Your Mageia account has been requested to change the password. If you did not
> do this, or you do not want to change your password; you can just do nothing.
> To reset your password, please follow the link below.
> https://identity.mageia.org/forgot_password/confirm?secret
> 
> Why it's not an internet address ?


I received the following:

Dear Pinco Pallo,
Your Mageia account has been requested to change the password. If
you did not do this, or you do not want to change your password; you
can just do nothing.
To reset your password, please follow the link below.
https://identity.mageia.org/forgot_password/confirm?secret=95B95A02
-67D7-11E1-9277-E744B5518DFA

--
http://www.mageia.org/

where up to A02 is an hyperlink and from -67 is plain text (it's an example). As you can see not all the link is reported as an Internet address. Tried yesterday 3 times with the service of recover password. I used
workaround of copy and paste the rest of url in address bar. The same happened during the registration confirmation.
Comment 4 RĂ©mi Verschelde 2015-09-10 14:36:35 CEST 
I don't think Atelier can do anything about this, assigning to sysadmins.

Assignee: atelier-bugs => sysadmin-bugs
Summary: The url for registration confirmation and password reset is not entirely an internet address => URL for registration confirmation and password reset is too long and thus badly converted to an hyperlink by some email agents